GETSECRET( secretname, valuename )
| secretname | A string constant containing the name of the secret. |
| valuename | A string constant containing the name of the key within the secretname for which you want the value. |
| Return: | GETSECRET returns a STRING value. |
The GETSECRET function retrieves a Kubernetes or Vault secret.
ECL code can only access secrets under the eclUser category. Other categories are intended for system use or use only by internal ECL functions.
A secret is a collection of key value pairs. The first argument is the name of the secret and that secret can contain multiple key value pairs. The second argument is the actual key within that secret for which you want to retrieve the value.
Example:
// This example assumes a secret named k8s-example has been created on your K8s deployment
// and it contains a key named crypt.key
IMPORT STD;
STRING pubKey := '-----BEGIN PUBLIC KEY-----' + '\n' +
'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWnKkGM0l3Y6pKhxMq87hAGBL6' + '\n' +
'FfEo2HC6XCSQuaAMLkdf7Yjn3FpvFIEO6A1ZYJy70cT8+HOFta+sSUyMn2fDc5cv' + '\n' +
'VdX8v7XCycYXEBeZ4KsTCHHPCUoO/nxNbxhNz09T8dx/JsIH50LHipR6FTLTSCXR' + '\n' +
'N9KVLaPXs5DdQx6PjQIDAQAB' + '\n' +
'-----END PUBLIC KEY-----' + '\n';
//--------------
//K8S Example
//--------------
DATA k8sData := x'5C62E1843162330ED7BDAB7F37E50F892A669B54B8A466ED421F14954AA'+
'0505BA9EADAC4DA1D1FB1FD53EBDCF729D1049F893B3EE53ECCE48813A5'+
'46CF58EBBB26EF5B9247002F7A8D1F90C3C372544501A126CEFC4B385BF'+
'540931FC0224D4736E4E1E4CF0C67D035063900887C240C8C4F365F0186'+
'D0515E98B23C75E482A';
VARSTRING k8sKey := (VARSTRING) GETSECRET('k8s-example', 'crypt.key');
k8sEncModule := Std.Crypto.PKEncryptionFromBuffer('RSA', pubKey, k8sKey);
OUTPUT( (STRING)k8sEncModule.Decrypt(k8sData), NAMED('k8s_message'));